Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2021-31316

    The unprivileged user portal part of CentOS Web Panel is affected by a SQL Injection via the 'idsession' HTTP POST parameter.... Read more

    Affected Products : webpanel
    • EPSS Score: %65.42
    • Published: May. 18, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-25029

    In Versa Director, the command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user supplied da... Read more

    Affected Products : versa_director
    • EPSS Score: %2.41
    • Published: May. 26, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-32888

    The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces (APIs) available in the Java Platform, Enterprise Editions. Prior to version 2.1.0.28, SQL injection i... Read more

    Affected Products :
    • Published: May. 15, 2024
    • Modified: Jun. 12, 2025

  • 10.0

    CRITICAL
    CVE-2024-31351

    Unrestricted Upload of File with Dangerous Type vulnerability in Copymatic Copymatic – AI Content Writer & Generator.This issue affects Copymatic – AI Content Writer & Generator: from n/a through 1.6.... Read more

    Affected Products : copymatic
    • Published: May. 17, 2024
    • Modified: Apr. 18, 2025

  • 10.0

    HIGH
    CVE-2021-29089

    Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in thumbnail component in Synology Photo Station before 6.8.14-3500 allows remote attackers users to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : photo_station
    • EPSS Score: %1.02
    • Published: Jun. 02, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-20699

    Sharp NEC Displays ((UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552 R1.300 a... Read more

    • EPSS Score: %0.53
    • Published: Jun. 07, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-26472

    In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. Using this command argument an unauthenticated attacker can execute arbitrary OS commands with SYSTEM privileges.... Read more

    Affected Products : windows bdr_suite offsite_dr
    • EPSS Score: %9.97
    • Published: Jun. 08, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-11134

    Possible stack out of bound write might happen due to time bitmap length and bit duration fields of the attributes like NAN ranging setup attribute inside a NAN management frame are not Properly validated in Snapdragon Auto, Snapdragon Compute, Snapdragon... Read more

    • EPSS Score: %0.33
    • Published: Jun. 09, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-11182

    Possible heap overflow while parsing NAL header due to lack of check of length of data received from user in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile... Read more

    • EPSS Score: %0.43
    • Published: Jun. 09, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-34679

    Thycotic Password Reset Server before 5.3.0 allows credential disclosure.... Read more

    Affected Products : password_reset_server
    • EPSS Score: %0.24
    • Published: Jun. 11, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-0324

    Product: AndroidVersions: Android SoCAndroid ID: A-175402462... Read more

    Affected Products : android
    • EPSS Score: %0.17
    • Published: Jun. 14, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-21777

    An information disclosure vulnerability exists in the Ethernet/IP UDP handler functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted network request can lead to an out-of-bounds read.... Read more

    Affected Products : opener
    • EPSS Score: %0.34
    • Published: Jun. 17, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-21787

    CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/services/UploadService.php.... Read more

    Affected Products : crmeb
    • EPSS Score: %0.40
    • Published: Jun. 24, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-5675

    Untrusted data deserialization vulnerability has been found in Mentor - Employee Portal, affecting version 3.83.35. This vulnerability could allow an attacker to execute arbitrary code, by injecting a malicious payload into the “ViewState” field.... Read more

    Affected Products : mentor
    • Published: Jun. 06, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-28809

    An improper access control vulnerability has been reported to affect certain legacy versions of HBS 3. If exploited, this vulnerability allows attackers to compromise the security of the operating system.QNAP have already fixed this vulnerability in the f... Read more

    Affected Products : qts hybrid_backup_sync
    • EPSS Score: %0.58
    • Published: Jul. 08, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-30118

    An attacker can upload files with the privilege of the Web Server process for Kaseya VSA Unified Remote Monitoring & Management (RMM) 9.5.4.2149 and subsequently use these files to execute asp commands The api /SystemTab/uploader.aspx is vulnerable to an ... Read more

    Affected Products : vsa
    • EPSS Score: %1.85
    • Published: Jul. 09, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-35961

    Dr. ID Door Access Control and Personnel Attendance Management system uses the hard-code admin default credentials that allows remote attackers to access the system through the default password and obtain the highest permission.... Read more

    Affected Products : dr.id_access_control
    • EPSS Score: %1.58
    • Published: Jul. 16, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-35965

    The Orca HCM digital learning platform uses a weak factory default administrator password, which is hard-coded in the source code of the webpage in plain text, thus remote attackers can obtain administrator’s privilege without logging in.... Read more

    Affected Products : orca_hcm
    • EPSS Score: %1.80
    • Published: Jul. 19, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-20110

    Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request... Read more

    Affected Products : manageengine_assetexplorer
    • EPSS Score: %1.87
    • Published: Jul. 19, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-21937

    An command injection vulnerability in HNAP1/SetWLanApcliSettings of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to execute arbitrary system commands.... Read more

    Affected Products : cx2_firmware cx2
    • EPSS Score: %8.07
    • Published: Jul. 21, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291562 Results